Cross-Site Request Forgery Vulnerability in HP Operations Orchestration
CVE-2015-5451

Currently unrated

Key Information:

Vendor: HP
Status: Operations Orchestration
Vendor: CVE Published:; 23 November 2015

Summary

A cross-site request forgery (CSRF) vulnerability exists in HP Operations Orchestration Central 10.x versions prior to 10.22.001. This flaw allows remote attackers to exploit the system and potentially hijack the authentication of users. Attackers may leverage various vectors, leading to unauthorized actions on behalf of users without their consent. Organizations utilizing affected versions should promptly evaluate their systems and apply necessary updates to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1034177

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 23, 2015
Vulnerability Reserved
Jul 7, 2015